[Previous] [Next] [Index]
[Thread]
RE: N$ SSL vs M$ PCT
At the risk of getting my head cut off
[ I have had no part in the PCT effort and have done no more than skim
the draft. ]
"John Hemming CEO MarketNet" <JohnHemming@mkn.co.uk> wrote:
| 2. Message authentication uses different keys to the encryption keys. How
| this helps, apart from making implementation harder, I cannot quite
fathom. We
| should not be using this secure channel protocol for proper message
authentication
| only. The MAC (Message Authentication Code) is not what I would use for
| authentication from a legal and contractual background. I prefer
Digitally Signed
| Instructions.
I thought this was to allow the use of stronger keys for authentication
while still using weak keys for encryption (ITAR rearing its ugly head.)
- Jon T
Follow-Ups: